CVE-2021-22731

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
schneider-electricmcsesp083f23g0_firmware
𝑥
< 8.22
schneider-electricmcsesp083f23g0t_firmware
𝑥
< 8.22
schneider-electricmcsesm043f23f0_firmware
𝑥
< 8.22
schneider-electricmcsesm053f1cu0_firmware
𝑥
< 8.22
schneider-electricmcsesm063f2cu0_firmware
𝑥
< 8.22
schneider-electricmcsesm053f1cs0_firmware
𝑥
< 8.22
schneider-electricmcsesm063f2cs0_firmware
𝑥
< 8.22
schneider-electricmcsesm083f23f0_firmware
𝑥
< 8.22
schneider-electricmcsesm103f2cu0_firmware
𝑥
< 8.22
schneider-electricmcsesm083f23f0h_firmware
𝑥
< 8.22
schneider-electricmcsesm103f2cu0h_firmware
𝑥
< 8.22
schneider-electricmcsesm103f2cs0h_firmware
𝑥
< 8.22
schneider-electricmcsesm123f2lg0_firmware
𝑥
< 8.22
schneider-electricmcsesm093f1cu0_firmware
𝑥
< 8.22
schneider-electricmcsesm093f1cs0_firmware
𝑥
< 8.22
schneider-electricmcsesm103f2cs0_firmware
𝑥
< 8.22
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01